CVE-2026-21877
n8n · n8n
An authenticated remote code execution vulnerability exists in n8n workflow automation platform versions 0.121.2 and below.
Executive summary
An authenticated remote code execution vulnerability in n8n allows attackers to compromise both self-hosted and cloud instances, necessitating an immediate upgrade to version 1.121.3.
Vulnerability
This vulnerability involves a critical flaw in the n8n workflow platform that allows an authenticated attacker to execute arbitrary code. The flaw impacts the service architecture, potentially leading to full system compromise.
Business impact
The ability for an authenticated attacker to execute malicious code poses a severe risk to organizational data integrity and system availability. Given the CVSS score of 9.9, this vulnerability represents a near-total loss of control over the affected n8n instance. Successful exploitation could lead to data exfiltration, lateral movement within the network, and complete service disruption.
Remediation
Immediate Action: Upgrade all n8n instances to version 1.121.3 or later immediately.
Proactive Monitoring: Review application access logs for unusual workflow executions or unauthorized modifications to automation configurations.
Compensating Controls: Disable the Git node functionality and restrict user access to trusted personnel only until the software can be patched.
Exploitation status
Public Exploit Available: Unknown
Analyst recommendation
This vulnerability presents a critical threat to the security of your workflow automation environment. Organizations should prioritize patching to version 1.121.3 as the primary mitigation strategy to prevent unauthorized code execution and potential system takeover.